Connections Install in 45 mins* As quick as “The Flash”© Sharon Bellamy – Cube Soft Consulting Ltd / Senior Engineer - Rock Team *Note the install may take a lot longer than 45 mins The Flash is © of DC Comics Who am I? Sharon Bellamy Mum, workaholic, Star Wars & Disney enthusiast – Mandalorian costumer, cosplayer, Sci-Fi fan & trustee for iCosplay anti-bullying campaign Administrator and Implementer Specializes in IBM Connections, WebSphere and other collaboration solutions Working with WAS based products since 2003 Lover of Linux Nathan James – Partner, Installer, system admin and makes a great cup of tea Agenda • • • • • • • • • Why? Plan, plan and plan some more Software Required Useful Tools Pre-Reqs Installation Configuration Troubleshooting Importing Data • POC > Live • Resources / Help Want to use the Domino/Notes Files and Profiles entitlements – Where do we start? Connections proof of concept – lets try before we buy – if we like it we’ll make this our live server!! We need a test / dev system, upgrade testing, UI development, integration test system I need to do some Connections development and need a dev system Our system was installed by a BP / IBM – now I need to look after it, where do I start? Need to upgrade to Connections 5 – test a fix pack, install a new component and I don’t want to break live I am THE IT guy – Never touched WebSphere – HELP !!! 4 What OS – Windows / Linux • For TEST or Dev systems try to keep same as LIVE or system developing for LDAP – plug into the *real* one where possible If you need a dev LDAP make sure the schema is the same as the live system Database – as the live / system developing for (i.e same DB type, same release) Note that if you are planning on populating the new system with existing data it must be same OS / versions for simplicity (its possible but a world of pain otherwise) • Size your system for current and expected growth – this will affect the topology required • • • • – Windows / Linux • How many VM / Machines required? • Small deployments of a few hundred users can happily sit on one reasonably sized machine • If medium deployment how many JVMS / WebSphere servers / Nodes? • Make decisions before you start • Straight forward to add additional nodes • Easier to add than take things away • It is much harder to change pieces of the environment once installation starts • Understand what you are trying to achieve before you install ANYTHING Topology Examples Small Topology Example Topology Examples Medium Topology Example Software Required WebSphere 8.5.5 + Fix pack 2 WebSphere 8.5.5, Supplemental software + Fix pack 3 Connections Install (for your OS) Connections Wizards (for your OS) TDI 7.1.1 + Fix pack 3 DB – for your OS – DB2 10.1 (FP4), Oracle 11.0.2g, MSSQL (win 2008/12) See resources for a list of part numbers Useful Tools: LDAP Browser, decent txt editor, Baretail (windows), Connections admin scripts (see scripting101.org) LDAP - PreReqs WebSphere / Connections / TDI requires read access to an LDAP Server LDAP can be: Active Directory, Domino, Novell eDirectory, Sun/Oracle & TDS WebSphere must be able to see the users you wish to add to / use Connections – this can be the root, a group, an OU or selected via an LDAP filter Things to Note: Novell eDirectory – the DB population wizard won’t run, edit TDI scripts and run manually Domino – If the root LDAP is used and you wish to add a second LDAP base entry, errors will occur. Use the work around on my blog. Ensure the LDAP is *right* before you start Before we begin • LDAP Bind Account • Ensure you have access to an account that can read the LDAP , also required base DN / org and what container the users live in Base DN DC=virtual,DC=home,DC=local Container OU=cubesoft,DC=virtual, DC=home,DC=local Test with an LDAP browser: i.e. Softerra LDAP Browser (WIN) Apache Directory Studio (Linux) Before we begin Firewall off / AV off Windows • UAC off Linux • • • • SE Linux off Ensure X11 forwarding is configured (test with xclock) Install any required libraries (esp 32 bit ones – see resources) Set security limits (or you will see too many files open issues) Grab a coffee (or beverage of your choice) lets start Prerequisites WebSphere: • Install and Patch WebSphere 8.5.5.3 • Install and Patch HTTP Server, Plugin & WCT 8.5.5.3 • Create WebSphere Cell (Deployment manager and Node) • Secure WAS against the LDAP server Database / TDI: • Install DB and patch to required level (DB2 10.1, Oracle 11.0.2g, MSSQL) • Install and Patch TDI to V7.1.1 fp3 • Use DBWizards / scripts to create DBs and set permissions* • Populate DB using TDI Population Wizard / Scripts – check the populate with the sql command: select * from empinst.employee; - to view the imports select count (*) from empinst.employee; - this shows number of records *you may need to create the DB accounts prior to running depending on set up Installing Pre-Reqs Many guides to assist in installing the pre-req software, zero – hero, IBM guides, documentation and many blogs. Important things to remember: Do not set WebSphere services to automatic – we can do this later if necessary Create / federate WAS nodes prior to Connections install – you can add extra nodes afterwards as long as you have a Cell with at least one node for install When TDI is installing make sure you do not start the config editor Once WAS is secured against the LDAP ensure you can see the users by checking in the Admin console / ISC – Users and Groups > Manage Users If using Domino as an LDAP source and you are using the *root*, be aware that if you wish to add a second LDAP for external users *root* overwrites everything – see the work around that will be on my blog. Once pre-reqs are installed – if you are using a VM, snap shot at this point allowing you to roll back if there are any installation problems. Install Connections • Fire up the installer • Accept the license • Select the install package - take out spaces and the evil that is the program files if on windows • Select all the Connections apps - except CCM – that’s a whole other ball game • Point to the WebSphere install - add FQDN of WAS host even if local • Select deployment size – Small for single JVM / WebSphere server, Medium if you want more than one JVM / WebSphere server • Add DB info and passwords • Select Cognos later • Shared / Local Content on local machine – shared can be on a network / san – must use UNC name not mapped drive letter, it can also be moved later • Notifications – fill in relevant info if yes, even if not required now you can leave it / set it to example.com to make it easier to reconfigure in the future INSTALL – it’s go grab a coffee again time 15 #engageug 17 Install Connections - continued • Connections is now installed • If you get any errors on install check the suggested log and correct the errors. • Restart the deployment manager server. • Start the nodeagent server and watch the log / wait for the applications to sync – this can take a while. • Start the node server(s) and wait until it is completely started and synchronised. ADMA7021I: Distribution of application oEmbed completed successfully. ADMA7021I: Distribution of application ConnectionsProxy completed successfully. ADMA7021I: Distribution of application Help completed successfully. ADMA7021I: Distribution of application Dogear completed successfully Yes it really is that easy Until something goes wrong – see troubleshooting .. We’ll get to that later .. Test initial install Start the Connections Server(s) Cmd line: cd E:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin startServer.bat/sh <name_server> NOTE: If you split the apps up into clusters, start the server with profiles on first. Then the infra apps (homepage, search,news etc). This makes for a cleaner more efficient start up. Test initial install Use the URL of the local Connections machine + the port number/homepage #engageug 22 Configuration File quota, Logs, Search Application Security Performance Tuning / Config changes 23 Connections Configuration • Configure WebServer – Plugin and deflate module & change Connections config file • Configure search, dictionaries, languages and file content searching • JVM tuning – by default the Connections servers are set at 2.5GB • Log sizes and amount – they are 1mb and you get one file by default • Tune data source connections – for live / poc >live environments • Set Application (J2EE) security roles – force users to log in to all apps • Configure file policies (file upload size) / user file limit – default 512mb • Configure community file policies – default 512mb • Configure Blog attachment sizes – by default attachment 1mb / blog 10mb • Configure Wiki attachment / policy sizes • Enable customization debug – if you are making UI changes Configure the WebServer HTTP Server config Configure HTTP server up to use SSL and test first before configuring for Connections. If you don’t have an existing SSL cert, create a self-signed one for testing. Use the WebSphere Customization Tool box to configure. It has a wizard to select HTTP Server type, the HTTP server config file, you can optionally set up the HTTP Admin server, give the definition a unique name, Point to the WebSphere Server install (remote even if local), the plugin will configure and generate a batch/sh script (in /IBM/WebSphere/Plugins/bin/). This covers the Configuring the IBM HTTP Server topic in the knowledge base. Copy the script to <WAS_Home>/bin then run it. The HTTP server will now be configured and added to the deployment manager. The applications are mapped & plugin generated. The WebServer is now available in the ICS / WebSphere console #engageug 25 Configure the WebServer Checkout the Connections config file and change the URL to that of your webserver (see knowledgebase for details on how to check the file out) <sloc:href> <sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix> <sloc:static href="http://demo2.cube-soft.co.uk" ssl_href="https://demo2.cube-soft.co.uk"/> <sloc:interService href="https://demo2.cube-soft.co.uk"/> </sloc:href> </sloc:serviceReference> Check the file back in – restart and you are all systems go – on the correct URL You can also add a URL re-write include to route HTTP traffic to the connections URL. Create arewrite.conf in IBM/HTTPServer/conf Add the following: #Rewrite RewriteEngine on RewriteRule ^/$ /homepage [L,R] #engageug 26 Search Configuration Copying search configuration tools to local nodes – listed as an optional task – BUT mandatory – full file and tag indexing doesn’t work correctly unless this step is completed http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/install/t_setting_path-variables_Search.dita Copy <connections_data>/shared/search stellent – directory with the search conversion tools dictionary – dictionary tools to the <connections_data>/local/search Edit the WebSphere variable for the file content conversion and search dictionary directory – ensure you use the full path of the exporter (exporter.exe or exporter for linux/unix) FILE_CONTENT_CONVERSION C:\IBM\Connections\data\local\search\stellent\dcs\oi export\exporter.exe SEARCH_DICTIONARY_DIR C:\IBM\Connections\data\local\search\dictionary Save the changes and restart the connections servers to pick up the change. You may want to rebuild the search index to search inside files, wikis and blogs. #engageug 27 JVM Tuning JVM (Java Virtual Machine) heap sizes should be set according to your environment. By default the maximum JVM heap is set to 2506 MB for each Connections server. The JVM heap size can be changed in the ISC. Each server must be changed individually. Server Types > WebSphere Application Server > <server name> > Server Infrastructure > Java Process Management > Process Definition > Java Virtual Machine To use the script to set the JVM heap, use the cfgJVMHeap.py script. The script shows actual size of initialHeapSize and maximumHeapSize for all JVM. Prompts for initialHeapSize and maximumHeapSize for all JVM. “Return” leaves actual setting intact with no changes. Once complete, restart the Websphere servers and the new JVM settings will be used. #engageug 28 Changing the log sizes Default Setting for JVM Log Files (SystemOut.log & SystemErr.log): Size: 1 MB No historical Log Files Too small to troubleshoot errors Reconfigure: Size: 20 – 40 MB 5-10 historical Log Files Configure via the ISC (Wasadmin console) Many clicks, time consuming Especially for large environments Troubleshooting > Logs and trace > <server name> > JVM Logs Or use the community scripts: use a script to set the log size and history (cfgLogFiles.py). The script prompts for RolloverType – Size (to just set the size) or Both for size and history. Maximum log size in mb. Maximum number of backup files. #engageug 29 Datasource Tuning 15 + Data Sources to Change (at least 100 mouse clicks) Resources > JDBC >Data sources > <data source name> > Additional Features > ConnectionPools Change the maximum and minimum connections for each data source, save each of the changes, sync the nodes and restart the servers. Or use the script - cfgDataSource.py About 30 seconds to change all needed parameters of all Data Sources Set the data source properties in the ibmcnx.properties in the script directory – allowing edits and re-running of the script. #engageug 30 Configure Application Security By default many of the Connections apps are open to read access, to enable users to log in before accessing the User/Group security roles must be set. This can be changed in the ISC for each application Browse Applications > Application Types > WebSphere enterprise applications Click the Security role to user/group mapping – select the Group (or special subjects – All authenticated) Or use the community scripts – J2EERolesRestricted.py Reads the users and groups from the properties files. There are also scripts to back up and restore the roles and to set specific roles such as social mail, moderator, metrics etc. NOTE - Applications restart automatically, when you change J2EE roles. #engageug 31 Configure Application Security #engageug 33 Configure library sizes By default the max file upload size / library size is 512mb Use the wasadmin commands to change this: <WebSphere_Home>/profiles/Dmgr01/bin wsadmin.bat/sh -lang jython execfile("filesAdmin.py") FilesConfigService.checkOutConfig(“<checkout>", “<cell>") FilesConfigService.updateConfig("file.media.maximumSizeInKb", “1572864") This command updates the maximum size for each file to upload – in this example its 1.5GB FilesPolicyService.editPersonalDefault(2147483648L) This command updates the default library size for each user to 2GB FilesPolicyService.editCommunityDefault(2147483648L) This command updates the default library size for each community to 2GB FilesConfigService.checkInConfig(“<checkout>", “<cell>") Numbers 2GB or greater are long literals, and you must add an "L" to the end of the number, for example a policy of 2GB must be 2147483648L #engageug 34 Configure library sizes Also possible by using the community scripts Work with Files Policies (ibmcnx/cnx/FilesPolicies.py) Work with Libraries (ibmcnx/cnx/LibraryPolicies.py) Show Library Sizes (ibmcnx/cnx/LibrarySizes.py) The work with file policy script prompts to Add, Edit or Delete a policy – you may edit existing or Connections default policies or add your own. This allows you to add specific policies which you can then assign to certain users using the Library Policy script – for example: 5 3.0 GB dc63c31b-1a5a-4a05-a967-32b737c22eed SharonLarge The Library script prompts to work with Personal or Community policies – you may search using name or wildcard Please type the number of the library? 3 Policy will be assigned to: Nathan James Actual assigned policy is: !Default for Personal Files Which policy do you want to assign? 5 The policy with the id dc63c31b-1a5a-4a05-a967-32b737c22eed is now assigned to the library with the id 299e5d7e-2c69-4f67-b88ebdccc71d5b23 . #engageug 35 Other Customization Specify site wide settings for blogs in the Blogs admin UI By default the max upload size is 1mb and directory size is 4mb http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_settings_UI.dita Setting wiki media, pages and attachment sizes Default sizes are: Media: 512 MB, Pages: 1 MB, Attachments: 75 MB execfile("wikisAdmin.py") WikisConfigService.checkOutConfig("<checkout dir>", "<cellname>") WikisConfigService.updateConfig("file.media.maximumSizeInKb", "<number_of_kilobytes>") WikisConfigService.updateConfig("file.page.maximumSizeInKb", "<number_of_kilobytes>") WikisConfigService.updateConfig("file.attachment.maximumSizeInKb", "<number_of_kilobytes>") WikisConfigService.checkInConfig("<checkout dir>", "<cellname>") http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_wikis_setting_maxsize.dita #engageug 36 Other Customization Customizing the user interface: http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/customize/t_admin_common_customize_main.dita Add the WebSphere variable CONNECTIONS_CUSTOMIZATION_DEBUG true Very well documented now. Covers most aspects of interface customization, from images, header, footer, login page, error page, getting started, strings and properties (for the connections wording), notifications …. The list goes on Other configuration changes: • Ajax proxy for RSS feeds etc. • Flag as inappropriate • Enable additional language support • Hide metrics links • Force Connections traffic to HTTPS • Wikis table of contents (enable macros) • And so much more ….. #engageug 37 Troubleshooting Troubleshooting – Where to start? Log files are your friend Set of logs per WebSphere server (JVM) Location: <WAS_HOME>/profiles/<profilename>/logs/<server name> SystemOut.log – holds almost everything you need to diagnose most issues. Generally any timeouts, LDAP issues, DB connection problems and other issues are all written to this log. WebServer Logs Access and error logs are the ones to check here. Location: <HTTP_HOME>/logs. If there are issues hitting the HTTP Server, check both of these logs. One thing to note is these don’t roll – so they get very large. Archive regularly to keep manageable. WebSphere Plugin Log Location: Websphere/Plugins/logs Any issues with the plugin, SSL certs problems between the webserver and WebSphere will be displayed in this log. Troubleshooting – Where to start? As well as checking the logs checking the applications, WebSphere server status and database connectivity is a great place to start. Check the WebSphere server status from the command line: <WAS_HOME>/profiles/<profileName>/bin/serverStatus.bat/sh –all i.e. [root@con2 bin]# ./serverStatus.sh -all ADMU0505I: Servers found in configuration: ADMU0506I: Server name: nodeagent ADMU0506I: Server name: server1 ADMU0506I: Server name: tc_server1 ADMU0508I: The Node Agent "nodeagent" is STARTED ADMU0509I: The Application Server "server1" cannot be reached. It appears to be stopped. ADMU0508I: The Application Server "tc_server1" is STARTED Use the scripts to check the appStatus or Database connectivity: Check if all Apps are running (ibmcnx/check/AppStatus.py) Check Database connections (ibmcnx/check/DataSource.py) Troubleshooting – Where to start? Possible issues: DB problems – Connections will start or be started, will complain of connectivity or data issues. Check the DB, datasource connections – Connections servers SystemOut.log is a good place to start. LDAP – can’t log in, or people currently logged in are fine but new connections are refused. Check LDAP connectivity. Use an LDAP browser to test. Connections servers SystemOut.log will have LDAP errors logged. JVM heap / memory errors – reported Connections servers SystemOut.log and System.Err log. Can be specific to a given JVM. System will appear to hang, then may recover. Tune and test. Importing Data Offline backup new environment DB and file system data (<connections_data>/shared) If you back up the *clean* new system it allows you to roll back to clean if there are any migration issues. Offline backup existing/live environment DB and file system data (<connections_data>/shared) Ensure the system is off. Migrating data with an online back up can cause issues and isn’t particularly straight forward. Copy DBs to migrate to new db machine Restore DBs (you may need to drop the new environments DBs to do this) In the case of DB2 – drop V5 DBs, restore V4 / 4.5 DBs and they will be updated to latest DB2 version on restore. Run the Connections update scripts / wizards This updates the migrated DBs to the new version Apply the DB updates for any CR you have applied to the new environment (i.e CR1) Sync Tdi to update any LDAP / Employee information Importing Data File System Data: Copy the following content to the following directories – If any of the new V5 shared directories do not exist create them Content Store Location shared_content_store/audit shared_content_store/activities/content shared_content_store/activities/statistics shared_content_store/blogs/upload shared_content_store/communities/statistics shared_content_store/customization shared_content_store/dogear/favorite shared_content_store/files/upload shared_content_store/forums/content shared_content_store/profiles/statistics shared_content_store/wikis/upload Data is now migrated – on to the post migration steps .. Post migration / update • Clear the scheduled tasks • http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_common_clear_scheduler_after_ltpa_change.dita • wsadmin script • execfile("connectionsConfig.py") • Scheduler.listAllTasks() • Scheduler.clearAllTasks() • If there are issues use the clearScheduler.sql in the wizards\db directory • Rebuild the search index • • • • • • http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_common_clear_scheduler_after_ltpa_change.dita • Delete the search index and rebuild Resync community files • FilesDataIntegrityService.syncAllCommunityShares() Re-apply any customisations and file quotas that may have been overwritten If moving from V4 add / change the filestore for Activities – see technote • https://www-304.ibm.com/support/docview.wss?uid=swg21676288 If the new system is live – Configure notifications (if required) Test The boss has decided … Proof of concept or test Is now *LIVE* What do you do? POC to LIVE Many customers take this path: Advantages – data is in the system when you roll out live. You have seen how the system performs with the POC group and can tune accordingly. Any changes can be made prior to the live roll out. Disadvantages – Any test data will need to be manually removed from the system by the users that have created it. #engageug 47 POC to LIVE • When rolling out a POC, assume that it may end up as your live system. • Ensure the users of the system are aware that this system may well become your live and to use it as such. • Careful planning means a few tweaks • Tune the JVMs, turn the customization debug off, tune data sources if required, add additional nodes, change webserver URL if necessary • Avoid changing LDAP source but if you do ensure that the mail or uid fields are the same between source and target and use the sync_hash field in the profiles_tdi.properties file (use uid or mail to hash against) • Where possible use the community scripts • Simple config with a few commands, no chance of typos or missing a step. 48 Resources and Help Resources and Help • Connections 5 Part Numbers: http://www-01.ibm.com/support/docview.wss?uid=swg24037654 • Note • If you are using windows 2012 you must use DB2 10.1 fp 4 or the installer will fail • If you are using windows 2012 you need to run the TDI installer in compatibility mode or it will fail when you run the installer – see technote: http://www01.ibm.com/support/docview.wss?uid=swg21634336 • If you are using FEB for forms and surveys, use 8.5.1 if you wish to use anything other than cn for the display name. There are known issues with 8.5.0.1. • Community Scripts: http://scripting101.org • Linux / AIX: • 32bit libs - https://www-304.ibm.com/support/docview.wss?uid=swg21459143 • Libs req: http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/install/r_linux_libraries.dita • More info see: http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/install/r_before_installing.dita • This session will be available via the web – http://cube-soft.co.uk/cnxsupport Skype Chats • There are a number of community skype chats If you wish to be added to any of these chats either ping myself or Christoph. Sharon – dilftechnical Christoph - christophstoettner #engageug 52 This presentation mentions the following Copyrights and Trademarks. •IBM® Notes® •IBM® Domino® •IBM® Connections •IBM® WebSphere® •IBM® DB2 •IBM® AIX® •Tivoli® •Linux® •Java® •Microsoft® Windows® •Red Hat® Linux® •Twitter® •Skype®
© Copyright 2025